Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clearly apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Fig. 1 is a schematic diagram illustrating an architecture of a wireless attack defense system applied to a wireless AP, where the wireless attack defense system includes a wireless AP and a plurality of network devices accessing the wireless AP, and as shown in fig. 1, the architecture 100 of the wireless attack defense system includes a wireless AP110, a network device 120, a network device 130, and a network device 140; wireless AP110 connects network device 120, network device 130, and network device 140; the wireless AP110 includes a driver module 111, a kernel module 112, an application module 113, and a wireless attack defense device 114, where the wireless attack defense device 114 is disposed in the driver module 111.
In the embodiment of the present invention, any two network devices communicate with each other, the network device at one end first sends a message to the wireless AP110, and the wireless AP110 sends the received message to the network device at the other end; for example, the process of sending a packet to the network device 130 by the network device 120 is: network device 120 sends a message to wireless AP110, and after receiving the message, wireless AP110 sends the message to network device 130. The wireless AP110 receives a plurality of messages sent by the network device 120, the network device 130, and the network device 140 within a preset time period, and then performs wireless attack detection and defense through the wireless attack defense device 114.
The embodiment of the invention provides a wireless attack defense device 114, which comprises a message receiving module, a message analyzing module, a message counting module and a message filtering module; the message receiving module is used for receiving a plurality of messages within a preset time length; the message analysis module is used for analyzing each message in the plurality of messages to obtain attribute information of each message; the message counting module is used for counting the number of messages corresponding to each attribute information in all the attribute information corresponding to the plurality of messages; and the message filtering module is used for determining attack messages in the plurality of messages and deleting the attack messages. Based on the wireless attack defense device 114 provided in the above embodiment, the embodiment of the present invention provides another wireless attack defense device 114, which further includes a timer detection module, configured to send instruction information to the message filtering module, so that the message filtering module determines an attack message.
Fig. 2 is a schematic flowchart illustrating a wireless attack defense method applied to a wireless access point AP according to an embodiment of the present invention.
Based on the system architecture shown in fig. 1, as shown in fig. 2, a method for defending against a wireless attack applied to a wireless AP according to an embodiment of the present invention includes the following steps:
step S201: the wireless attack defense device receives a plurality of messages within a preset time length;
step S202: the wireless attack defense device analyzes each message in the plurality of messages and determines attribute information of each message in the plurality of messages; the attribute information comprises the message type and the source address of the message;
step S203: the wireless attack defense device determines the message corresponding to the attribute information in the plurality of messages as an attack message under the condition that the number of the messages corresponding to the attribute information is larger than the message type number threshold value corresponding to the attribute information aiming at each attribute information in all the attribute information corresponding to the plurality of messages;
step S204: and deleting the message determined as the attack message through a driving module of the wireless AP.
In step S201 of the embodiment of the present invention, the preset duration is set according to the actual application requirement, and is not specifically limited herein; for example, the preset duration is 2 seconds, the wireless attack defense device receives a plurality of messages within 2 seconds, and step S202, step S203 and step S204 are continuously executed; repeatedly executing step S201, step S202, step S203 and step S204 within the next 2 seconds; optionally, the multiple messages received by the wireless attack defense apparatus may be messages sent by multiple network devices, or may be messages sent by one network device.
In step S202 in the embodiment of the present invention, optionally, all attribute information corresponding to a plurality of messages may be the same or different. The attribute information is the same, that is, the message types are the same and the source addresses are the same; the attribute information is different, and the following conditions are included: the method comprises the following steps that in the first case, message types are the same and source addresses are different; in the second case, the message types are different and the source addresses are the same; and in case three, the message types are different and the source addresses are different.
For example, the wireless attack defense device receives four messages, wherein the attribute information of each of the four messages is the same, for example, the message types of the four messages are all related messages, and the source addresses are all MAC 1; or, the attribute information in the four messages is different, for example, the message types of three of the four messages are related messages, the source address is MAC1, the message type of the remaining one message is an authentication message, and the source address is MAC 1; for another example, two of the four messages have the message type of authentication message and the source address of MAC1, and the other two messages have the message type of authentication message and the source address of MAC 2.
In step S203 in the embodiment of the present invention, the threshold of the number of types of messages is set according to actual application requirements, which is not specifically limited herein. The message type quantity thresholds corresponding to the messages of all types can be the same or different; for example, the message type includes an authentication message and an association message, the threshold of the number of authentication messages is set to 32, and the threshold of the number of association messages is set to 35; the wireless AP is accessed into two network devices, namely a network device I and a network device II; the address of the first network device is MAC1, and the address of the second network device is MAC 2; the network equipment sends 66 messages to the wireless AP, wherein the messages are respectively 30 authentication messages and 36 association messages; the network equipment sends 70 messages to the wireless AP, wherein the messages are respectively 40 authentication messages and 30 association messages; then, for 66 messages with the source address of MAC1, the number 36 of associated messages is greater than the threshold value 35 of the number of associated messages, and it can be determined that the associated message with the source address of MAC1 is an attack message; for 70 messages with the source address of MAC2, the number 40 of authentication messages is greater than the authentication message number threshold 32, and it can be determined that the authentication message with the source address of MAC2 is an attack message.
To describe how to determine an attack packet more clearly according to the attribute information of each packet, an embodiment of the present invention provides an example of attribute information of multiple packets, for example, a preset duration is 2 seconds, 200 packets are received within 2 seconds, and a packet type number threshold corresponding to each type of attribute information is set to be 30. Table 1 illustrates an example of attribute information of a plurality of packets.
Table 1 example of attribute information for multiple packets
As shown in table 1, the total number of received messages within 2 seconds of the preset duration is 200, the messages are classified according to the attribute information, and the number of the messages corresponding to each attribute information is determined. The type of the message in the attribute information 1 is an authentication message, the source address is MAC1, and the corresponding message quantity is 40; the type of the message in the attribute information 2 is an associated message, the source address is MAC1, and the corresponding message quantity is 25; the type of the message in the attribute information 3 is a de-authentication message, the source address is MAC1, and the corresponding message quantity is 25; the type of the message in the attribute information 4 is a beacon message, the source address is MAC2, and the number of the corresponding messages is 20; the type of the message in the attribute information 5 is an associated message, the source address is MAC2, and the number of the corresponding messages is 35; the type of the message in the attribute information 6 is an authentication message, the source address is MAC3, and the corresponding message quantity is 25; the type of the message in the attribute information 7 is a disassociation message, the source address is MAC3, and the corresponding number of messages is 30. The number threshold of the message types corresponding to each attribute information is 30, wherein the number of the authentication messages corresponding to the attribute information 1 in table 1 is 40, and the number of the association messages corresponding to the attribute information 5 in table 1 is 35, both of which are greater than the number threshold of the message types corresponding to each attribute information 30, so that it can be determined that 40 messages corresponding to the attribute information 1 and 35 messages corresponding to the attribute information 5 are attack messages.
In the embodiment of the invention, the wireless attack defense device receives a plurality of messages within a preset time length; analyzing each message in the plurality of messages, and determining attribute information of each message in the plurality of messages; the attribute information comprises the message type and the source address of the message; determining a message corresponding to the attribute information in the plurality of messages as an attack message under the condition that the number of the messages corresponding to the attribute information is larger than the threshold value of the number of the message types corresponding to the attribute information aiming at each attribute information in all the attribute information corresponding to the plurality of messages; therefore, the attack message can be effectively determined; deleting the message determined as the attack message through the drive module of the wireless AP, so that on one hand, the attack message is deleted, wireless attack defense is effectively carried out, and the attack message is prevented from entering the kernel module of the wireless AP; on the other hand, after the attack message is determined, the attack message is deleted through the driving module of the wireless AP, the information of the attack message does not need to be uploaded to the wireless centralized controller, and then wireless attack defense is carried out in time.
Based on the foregoing embodiment, correspondingly, the method for defending against a wireless attack applied to a wireless AP according to the embodiment of the present invention further includes: for each attribute information in all attribute information corresponding to a plurality of messages, under the condition that the number of the messages corresponding to the attribute information is not larger than the threshold value of the number of the message types corresponding to the attribute information: and sending the message corresponding to the attribute information in the received multiple messages to a kernel module of the wireless AP through a driving module of the wireless AP.
In the embodiment of the present invention, the attribute information of a plurality of messages is described as an example of the content shown in table 1. As shown in table 1, the total number of received messages within 2 seconds of the preset duration is 200, the messages are classified according to the attribute information, and the number of the messages corresponding to each attribute information is determined. The threshold value of the number of message types corresponding to each attribute information is 30, as shown in table 1, the message type in the attribute information 2 is an associated message, the source address is MAC1, and the corresponding number of messages is 25; the type of the message in the attribute information 3 is a de-authentication message, the source address is MAC1, and the corresponding message quantity is 25; the type of the message in the attribute information 4 is a beacon message, the source address is MAC2, and the number of the corresponding messages is 20; the type of the message in the attribute information 6 is an authentication message, the source address is MAC3, and the corresponding message quantity is 25; the type of the message in the attribute information 7 is a disassociation message, the source address is MAC3, and the corresponding number of the messages is 30; therefore, the messages whose number of messages corresponding to the attribute information is not greater than the threshold of the number of message types corresponding to the attribute information are: and sending the messages corresponding to the attribute information 2, the attribute information 3, the attribute information 4, the attribute information 6 and the attribute information 7 to a kernel module of the wireless AP through a driving module of the wireless AP. Therefore, in the embodiment of the invention, the driving module of the wireless AP only sends the normal message to the kernel module of the wireless AP, and the situation that whether the normal message is an attack message is determined by sending all messages to the kernel module of the wireless AP in the prior art is not the case that the normal message is sent to the kernel module of the wireless AP, so that the embodiment of the invention can prevent the kernel module of the wireless AP from processing a large number of attack messages to cause a hang-up state, and saves the resource occupancy rate of the kernel of the wireless AP.
The embodiment of the present invention provides another embodiment, and for each attribute information in all attribute information corresponding to a plurality of messages, a value of a flag bit of a message type included in the attribute information is set to a preset value; the preset values comprise zero and a first preset value, wherein the first preset value is an integer which is not zero; if the preset value is zero, the message number of the message type included in the attribute information is not more than the message type number threshold value corresponding to the attribute information; or; if the preset value is the first preset value, it indicates that the number of the message types included in the attribute information is greater than the threshold value of the number of the message types corresponding to the attribute information.
Specifically, determining whether a plurality of messages are attack messages according to the preset value of the flag bit of the message type includes the following two conditions: one situation is: determining a message corresponding to the attribute information in the plurality of messages as an attack message under the condition that the number of the messages corresponding to the attribute information is larger than the threshold value of the number of the message types corresponding to the attribute information, wherein the determining comprises the following steps: under the condition that the number of the messages corresponding to the attribute information is determined to be larger than the threshold value of the number of the message types corresponding to the attribute information: setting the value of the flag bit of the message type included in the attribute information as a first preset value, and recording a source address included in the attribute information; determining the message types in the plurality of messages and the message corresponding to the source address as an attack message under the condition that the value of the zone bit of the message type is determined to be a first preset value; and deleting the message determined as the attack message through a driving module of the wireless AP. The other situation is as follows: under the condition that the number of the messages corresponding to the attribute information is not larger than the threshold value of the number of the message types corresponding to the attribute information: and setting the value of the flag bit of the message type included in the attribute information to zero, determining that the message corresponding to the attribute information is not an attack message, and sending the message corresponding to the attribute information in the received multiple messages to a kernel module of the wireless AP through a driving module of the wireless AP.
It should be noted that the first preset values corresponding to the flag bits of different message types are different; for example, taking the example that the message types include an authentication message, a de-authentication message, an association message, a beacon message, and a de-association message, the first preset value corresponding to the flag bit of the authentication message is 1, the first preset value corresponding to the flag bit of the de-authentication message is 2, the first preset value corresponding to the flag bit of the association message is 3, the first preset value corresponding to the flag bit of the de-association message is 4, and the first preset value corresponding to the flag bit of the beacon message is 5.
In order to more clearly describe how to determine the attack packet according to the preset value, in the embodiment of the present invention, the attribute information of a plurality of packets is described as an example of the content shown in table 1.
Table 2 exemplarily shows an example of the preset values obtained according to the attribute information of the plurality of packets shown in table 1.
As shown in table 2, classification is performed based on the packet type in each attribute information of 200 packets received within 2 seconds, and the preset values corresponding to the flag bits of different packet types are determined according to the packet number corresponding to the packet type in each attribute information. In table 1, 200 messages are classified according to the number of messages corresponding to the message type in each attribute information, and then a preset value corresponding to the attribute information 1 is 1, a preset value corresponding to the attribute information 2 is 0, a preset value corresponding to the attribute information 3 is 0, a preset value corresponding to the attribute information 4 is 0, a preset value corresponding to the attribute information 5 is 3, a preset value corresponding to the attribute information 6 is 0, and a preset value corresponding to the attribute information 7 is 0; that is to say, the preset value corresponding to the attribute information 1 is the first preset value, and the preset value corresponding to the attribute information 5 is the first preset value, that is to say, both the message corresponding to the attribute information 1 and the message corresponding to the attribute information 5 are attack messages, and then the attack messages are deleted through the driving module of the wireless AP.
As can be seen from the above example, in the embodiment of the present invention, by setting the value of the flag bit of the packet type included in each attribute information to a preset value, it is determined whether a packet corresponding to each attribute information in a plurality of packets is an attack packet according to the preset value; therefore, the wireless network attack can be quickly detected, and the wireless network attack can be quickly defended.
Optionally, after determining a packet corresponding to the attribute information in the multiple packets as an attack packet, the method further includes: and reporting the source address corresponding to the attack message. In the embodiment of the invention, the source address corresponding to the attack message is reported through the message filtering module, so that the upper application software can record the source address included in the attack message and the attack log in each preset time length. Therefore, the attack log on the wireless AP is convenient for users to consult so as to further establish the strategy of wireless attack defense.
The embodiment of the invention combines a wireless attack defense device to specifically explain the wireless attack defense process: the wireless attack defense method is completed in a Linux module driver, and is completed by the cooperation of a message receiving module, a message analysis module, a message statistical module, a timer detection module and a message filtering module, and the specific process is as follows:
the message receiving module receives a plurality of messages acquired from a wireless data message interface and sends the plurality of messages to a cache region of the message analyzing module; before each preset time length starts, initializing a cache region of a message analysis module, and resetting the cache region to zero so as to enable messages cached in the cache region to be a plurality of messages within the preset time length;
the message analysis module analyzes a plurality of messages in the cache region, calls an analysis function to analyze the attribute information of each message to obtain the message type and the source address of each message, and calls an output interface to output the message type and the source address of each message to the message statistical module;
the message counting module counts the number of messages corresponding to each source address and message type through a message counting structure body according to the message type and the source address of each received message, and sends a counting result to the timer detection module after receiving a timing signal sent by the timer detection module; initializing a message statistical structure body before use;
the timer detection module sets a flag bit of a message type included in the attribute information of each message to be a preset value according to the number of messages corresponding to the attribute information of each message; setting a preset value to be zero when the number of the messages corresponding to the attribute information is not more than the threshold value of the number of the message types corresponding to the attribute information; setting a preset value as a first preset value and recording a source address included by the attribute information under the condition that the number of the messages corresponding to the attribute information is greater than the threshold value of the number of the message types corresponding to the attribute information; the timer detection module sends a source address and a preset value included by the attribute information to the message filtering module;
after the message filtering module receives the source address and the preset value of the zone bit included by the attribute information, the message filtering module processes a plurality of messages: if the preset values corresponding to the zone bits of all the message types are determined to be zero, directly sending a plurality of messages to a kernel module; if the first preset value exists in the preset values corresponding to the zone bits of all the message types, determining the message corresponding to the first preset value as an attack message, recording a source address in the attack message, and deleting the attack message.
According to the embodiment of the invention, whether the attack message exists or not can be detected within the preset time, and the attack message is directly deleted in the drive module of the wireless AP under the condition of determining the attack message, so that the time delay of wireless attack defense is reduced, the wireless attack defense is effectively and timely carried out, and the stability of the network where the network equipment accessed to the wireless access point is located is improved.
In any of the foregoing embodiments, the packet type included in the attribute information includes any one of the following: authentication message, deauthentication message, association message, disassociation message, Dynamic Host Configuration Protocol (DHCP) message, and beacon message.
In the embodiment of the invention, the wireless attack types include a disk operating system Authentication (Authentication Dos) attack message, a Deauthentication (Deauthentication) message attack, a Disassociation (Disassociation look) message attack, a DHCP flooding attack, a Beacon message attack (Beacon flow) and the like.
In order to more clearly describe the above method flow, the following examples are provided in the embodiments of the present invention.
Fig. 3 is a schematic flowchart illustrating another wireless attack defense method applied to a wireless AP according to an embodiment of the present invention, where based on the system architecture shown in fig. 1, as shown in fig. 3, another wireless attack defense method applied to a wireless AP according to an embodiment of the present invention is implemented by a wireless attack defense device; the method comprises the following steps:
step S301: receiving a plurality of messages within a preset time length through a message receiving module;
step S302: analyzing each message in the plurality of messages through a message analysis module, and determining attribute information of each message in the plurality of messages; the attribute information comprises the message type and the source address of the message; the message type included in the attribute information includes any one of the following: authentication message, de-authentication message, association message, de-association message, Dynamic Host Configuration Protocol (DHCP) message, and beacon message.
Step S303: counting the number of messages corresponding to the attribute information of each message in the plurality of messages through a message counting module, and sending the plurality of messages, the attribute information and the number of messages corresponding to the attribute information to a timer detection module;
step S304: determining whether the number of the messages corresponding to the attribute information is larger than a message type number threshold value corresponding to the attribute information or not through a timer detection module aiming at each attribute information in all the attribute information corresponding to a plurality of messages; if yes, sending all messages of which the number of the messages corresponding to the attribute information is greater than the threshold value of the number of the message types corresponding to the attribute information to a timer detection module, and executing the step S305; if not, all messages of which the number of the messages corresponding to the attribute information is not more than the threshold value of the number of the message types corresponding to the attribute information are sent to a timer detection module, and the step S306 is executed;
step S305: setting the value of the flag bit of the message type included in the attribute information to be a first preset value through a timer detection module, recording the source address included in the attribute information, sending the message corresponding to the attribute information, the first preset value corresponding to the flag bit of the message type and the source address to a message filtering module, and executing the step S307;
step S306: setting the value of the flag bit of the message type included in the attribute information to zero through a timer detection module, and sending the message corresponding to the attribute information and the value zero corresponding to the flag bit of the message type to a message filtering module;
step S307: determining whether the value of the flag bit of the message type included in the attribute information is set to a first preset value or not through a message filtering module; if yes, go to step S308; if not, go to step S311;
step S308: determining a message corresponding to the message type included in the attribute information in the plurality of messages as an attack message through a message filtering module;
step S309: deleting the message determined as the attack message through a message filtering module;
step S310: reporting a source address corresponding to the attack message through a message filtering module;
step S311: and sending the message corresponding to the attribute information in the received multiple messages to a kernel module of the wireless AP through a message filtering module.
From the above, it can be seen that: the wireless attack defense device is arranged on the wireless AP, and receives a plurality of messages within a preset time length; analyzing each message in the plurality of messages, and determining attribute information of each message in the plurality of messages; the attribute information comprises the message type and the source address of the message; determining a message corresponding to the attribute information in the plurality of messages as an attack message under the condition that the number of the messages corresponding to the attribute information is larger than the threshold value of the number of the message types corresponding to the attribute information aiming at each attribute information in all the attribute information corresponding to the plurality of messages; therefore, the attack message can be effectively determined; deleting the message determined as the attack message through the drive module of the wireless AP, so that on one hand, the attack message is deleted, wireless attack defense is effectively carried out, and the attack message is prevented from entering the kernel module of the wireless AP; on the other hand, after the attack message is determined, the attack message is deleted through the driving module of the wireless AP, the information of the attack message does not need to be uploaded to the wireless centralized controller, and then wireless attack defense is carried out in time. Moreover, the method provided by the embodiment of the invention saves the overhead caused in the network transmission process in the prior art that the information of the attack message needs to be sent to the wireless centralized controller, thereby reducing the network load and improving the stability and the safety of the network where the network equipment accessed to the wireless AP is positioned. Further, the method provided by the embodiment of the present invention is applicable to many wireless network architectures, and is not limited to the network architecture including the wireless AP and the wireless centralized controller AC, so that the method of the embodiment of the present invention may be implemented in any network architecture including the wireless AP, and the portability of the method is good.
Fig. 4 is a schematic structural diagram illustrating a wireless attack defense device applied to a wireless AP according to an embodiment of the present invention.
Based on the same conception, the wireless attack defense device applied to the wireless AP provided by the embodiment of the invention is used for executing the method flow, and the wireless attack defense device is positioned on the driving module of the wireless AP; as shown in fig. 4, the wireless attack defense apparatus 400 includes a message receiving module 401, a message parsing module 402, a message counting module 403, and a message filtering module 405; the wireless attack defense apparatus 400 further includes a timer detection module 404, wherein:
a message receiving module 401, configured to receive multiple messages within a preset duration;
a message analyzing module 402, configured to analyze each message in the multiple messages, and determine attribute information of each message in the multiple messages; the attribute information comprises the message type and the source address of the message;
a message counting module 403, configured to count, for each attribute information in all attribute information corresponding to the multiple messages, the number of messages corresponding to the attribute information;
a message filtering module 405, configured to determine, as an attack message, a message corresponding to the attribute information in the multiple messages when it is determined that the number of the messages corresponding to the attribute information is greater than the threshold of the number of message types corresponding to the attribute information, and delete the message determined as the attack message.
Optionally, the packet filtering module 405 is further configured to: under the condition that the number of the messages corresponding to the attribute information is not larger than the threshold value of the number of the message types corresponding to the attribute information: and sending the received message corresponding to the attribute information in the plurality of messages to a kernel module of the wireless AP.
Optionally, the wireless attack defense apparatus 400 further includes a timer detection module 404 configured to: receiving indication information sent by the message counting module 403 when counting that the number of the messages corresponding to the attribute information is greater than the threshold of the number of the message types corresponding to the attribute information; the indication information is used to indicate the timer detection module 404 to set a flag bit of a packet type included in the attribute information to a first preset value; setting a flag bit of a message type included in the attribute information as a first preset value according to the indication information; recording a source address included in the attribute information; sending the source address included in the attribute information to the message filtering module 405; the packet filtering module 405 is configured to: receiving a source address included in the attribute information; and under the condition that the value of the zone bit of the message type is determined to be the first preset value, determining the message type in the plurality of messages and the message corresponding to the source address as an attack message.
Optionally, the packet type included in the attribute information includes any one of the following: authentication message, de-authentication message, association message, de-association message, Dynamic Host Configuration Protocol (DHCP) message, and beacon message.
Optionally, the packet filtering module 405 is further configured to: and reporting the source address corresponding to the attack message.
From the above, it can be seen that: the wireless attack defense device is arranged on the wireless AP, and receives a plurality of messages within a preset time length; analyzing each message in the plurality of messages, and determining attribute information of each message in the plurality of messages; the attribute information comprises the message type and the source address of the message; determining a message corresponding to the attribute information in the plurality of messages as an attack message under the condition that the number of the messages corresponding to the attribute information is larger than the threshold value of the number of the message types corresponding to the attribute information aiming at each attribute information in all the attribute information corresponding to the plurality of messages; therefore, the attack message can be effectively determined; deleting the message determined as the attack message through the drive module of the wireless AP, so that on one hand, the attack message is deleted, wireless attack defense is effectively carried out, and the attack message is prevented from entering the kernel module of the wireless AP; on the other hand, after the attack message is determined, the attack message is deleted through the driving module of the wireless AP, the information of the attack message does not need to be uploaded to the wireless centralized controller, and then wireless attack defense is carried out in time. Moreover, the method provided by the embodiment of the invention saves the overhead caused in the network transmission process in the prior art that the information of the attack message needs to be sent to the wireless centralized controller, thereby reducing the network load and improving the stability and the safety of the network where the network equipment accessed to the wireless AP is positioned. Further, the method provided by the embodiment of the present invention is applicable to many wireless network architectures, and is not limited to the network architecture including the wireless AP and the wireless centralized controller AC, so that the method of the embodiment of the present invention may be implemented in any network architecture including the wireless AP, and the portability of the method is good.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present invention without departing from the spirit and scope of the application. Thus, if such modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present application and their equivalents, the present application is also intended to encompass such modifications and variations.